Don't bother hiding your SSID. It will show up anyway on all passive sniffers and offers almost no security advantage. As a side effect, it makes it difficult for others to select an unoccupied channel, and confuses some wireless client software.
There are lots of suggestions around on how to properly secure a wireless router. Advice varies. My personal list of basics do not follow the orthodoxy. In order of importance:
Keep the wireless router firmware up to date. Security problems are constantly being identified and fixed. You don't want to be a victim of a known exploit.
Change your SSID, keys, SNMP, and passwords from the defaults. Like all passwords, establish a set schedule for changeing them.
Use WPA with a decent key that's at least 20 chars long. Also change this password per a set schedule.
Don't punch too many holes in your firewall (port redirection). This has nothing to do with wireless security but will prevent suprises that arrive via the internet.
Limit your RF exposure to only those areas you intend to cover. It makes no sense to make it easy for the neighbors 13 year old brat to see your traffic. Use directional antennas and reflectors to direct the signal to the inside of your house and away from the windows.
Disable remote admin unless you need it.
Use MAC address filtering even though it offers almost no security benifits. It's to keep my log files from filling with accidental connect attempts and garbage.
Monitor the firewall with: SNMP
formatting link
formatting link
other intusion detection system. If you're really into it, monitor connections with:
formatting link
may be overkill but you don't have to leave these running all the time. Just take a look at what's moving when something weird happens, like unusual and unexpected traffic.
Laptop security is a different issue. Any wireless hacker that can connect to your wireless router can "see" both your desktop and your laptop. The router inside your wireless router box does nothing as it only protects against attacks from the WAN (internet) side, and does NOTHING on the LAN side. Therefore, if you're expecting visitors bearing laptops on your network, you want to treat them as they are hostile visitors until otherwise proven. Skool kids coming home for the Xmas vacation bearing laptops full of file sharing software with spyware and worms attached are the major risk.
Therefore, I suggest you defend both your desktop and laptop with a suitable personal software firewall. The Windoze Firewall that comes with XP SP2 is totally adequate for the job. The default setting are usually just fine. I suggest you familiarize yourself with the various pages and settings so you know how it works. Otherwise, a 3rd part personal firewall, such as ZoneAlarm, Kerio, Norton Firewall, McAfee Firewall, etc, will work.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.